
Yva.ai software security

Depending on the software settings, the Yva.ai platform may send weekly smart surveys to employees (active analytics) and/or analyze employees' digital interactions (passive analytics).

The Yva.ai platform supports both on-premise/self-hosted deployment and Yva.ai public cloud services. The following description is valid for both SaaS and on-premise solutions.

Architectural Design

Yva.ai uses the following architecture.

To connect to corporate sources, Yva.ai uses the following scheme.

User interaction with Yva.ai 

Yva.ai users have access to the necessary information only: for most users, interaction with Yva.ai is limited to responding to surveys and viewing dashboards. By default, Yva.ai anonymizes employee interactions and feedback by aggregating data from groups of at least 5 employees.
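The minimum-group-size rule above, as an added example (not Yva.ai's code; the function name, the data shape and the complementary-suppression step are assumptions that go beyond what the page states). Groups below 5 respondents are withheld, and one more group is withheld when the company-wide figure would otherwise let a reader recover a small group's average by subtraction.

```python
from collections import defaultdict
from statistics import mean

MIN_GROUP_SIZE = 5  # threshold stated on this page


def build_report(responses, min_size=MIN_GROUP_SIZE):
    """responses: iterable of (group, score) pairs (assumed data shape).

    Returns (groups, total): groups maps each group to {"n", "avg"} or to
    None when withheld; total is the company-wide {"n", "avg"} or None.
    """
    by_group = defaultdict(list)
    for group, score in responses:
        by_group[group].append(score)

    def summary(scores):
        return {"n": len(scores), "avg": round(mean(scores), 2)}

    # Primary suppression: never publish a group below the threshold.
    published = {g for g, s in by_group.items() if len(s) >= min_size}
    all_scores = [x for s in by_group.values() for x in s]
    total = summary(all_scores) if len(all_scores) >= min_size else None

    # Complementary suppression: (total - published groups) must not
    # describe a residual of 1..min_size-1 people, or their average
    # could be recovered by subtraction.
    if total is not None:
        residual = len(all_scores) - sum(len(by_group[g]) for g in published)
        while published and 0 < residual < min_size:
            smallest = min(published, key=lambda g: (len(by_group[g]), g))
            published.remove(smallest)
            residual += len(by_group[smallest])

    groups = {g: summary(s) if g in published else None
              for g, s in by_group.items()}
    return groups, total


# Constructed sample data: (team, survey score on a 1-5 scale).
SAMPLE = ([("eng", s) for s in (4, 5, 3, 4, 4, 5)]
          + [("sales", s) for s in (2, 3, 4, 3, 3)]
          + [("legal", s) for s in (1, 2)])

if __name__ == "__main__":
    print(build_report(SAMPLE))
```

In the sample, the two-person "legal" team forces "sales" to be withheld as well, because publishing "eng", "sales" and the total together would expose the "legal" average.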

A user interacts with Yva.ai through the web interface. Access to the web interface is restricted to authorized users. Yva.ai supports SAML2 and passwordless authentication protocols. For single sign-on we use Google OAuth2 and Microsoft OAuth2 credentials and the SAML 2.0 protocol. The information is provided in the table below.

| Used credentials | Scopes |
|---|---|
| Google OAuth2 | userinfo.profile, userinfo.email |
| Microsoft OAuth2 | User.Read |
| SAML 2.0 protocol | email, firstName, lastName |

To confirm a login, Yva.ai sends the client’s employee an email with a one-time code.

Users who are marked as survey recipients receive email invitations with links to 60-second surveys.

Depending on their role, users can access different dashboards. 

Levels of access

Yva.ai supports role-based access control. There are three groups of users: user, manager and administrator. Each group has different privileges for accessing dashboards and configuration panels.

 

| | User | Manager | Administrator |
|---|---|---|---|
| My report dashboard | Yes | Yes | Yes |
| Company report dashboard | | Yes | Yes |
| Group Report dashboard | | Yes | Yes |
| Engagement Quadrant dashboard | | Yes | Yes |
| Employee report dashboard | | | Yes |
| Configure the sources, manage Yva.ai users | | | Yes |
| Access and download anonymized data | | | Yes |

Updates 

To ensure optimal performance and security, Yva.ai, Inc. regularly releases patches, fixes, updates and/or enhancements for Yva.ai. The update process can be initiated from the administrator panel and the latest version will be downloaded from our servers. If Yva.ai is installed in an isolated environment, the system can be updated manually by our support engineers.

Support 

  • Technical support via email (support@yva.ai) is available during business hours 
  • Remote assistance is available if a client provides Yva.ai engineers with remote access to their servers

Specifics of Yva.ai self-hosted solutions

In an on-premise/self-hosted deployment, Yva.ai works within the client's environment and runs on the client's hardware. This way Yva.ai can be used without access to the Internet. The following description is valid only for on-premise solutions.

Transmission of information

User data does not transit through Yva.ai, Inc.’s servers; all the data is processed within the client’s infrastructure. The client remains the only operator processing employee data.

Yva.ai, Inc. support team may request logs (Diagnostic Data) that the client may retrieve through the special interface and send to us. Logs may contain some user data, such as email addresses. 

The client may grant us the right to use anonymized user data to improve our solutions or to provide additional services outside the scope of the standard deployment. If the client chooses to provide us with the data, it is transferred and stored in encrypted form. The final decision whether to grant this right lies with the client.  

Deployment scheme 

Yva.ai is installed and runs on a server on the client's premises and is connected to collaboration sources such as the Microsoft Exchange mail server, Microsoft 365, Google Workplace, Slack, and others.

Configuration 

The administrator manages Yva.ai users, roles, and their permissions. User lists can be uploaded from AD, Google Workplace, Microsoft 365 or manually. The client can also whitelist or blacklist users.  

The administrator grants Yva.ai rights to process user data by selecting, for each user, the data sources to connect from the list. For Microsoft 365, Google Workplace and Slack, access is delegated through OAuth2.

To connect to Microsoft Exchange, the mail server requires a service account with permission to access users’ mailboxes. The access of this service account can be limited with the standard tools of Microsoft Exchange.

 

 

 
